I don’t need a secure website, what’s the worst that can happen?
Whether it’s paid-for content, or client information, all CMS data is subject to security breaches that could have costly or even legal implications.
So, you really don’t need a secure website?
It seems an erroneous claim – a website is a platform that constitutes a large part of a business’s data. Whether that’s the paid-for content housed in a CMS, or client information held with permission, all of it is subject to security breaches that could have costly or even legal implications.
The need to protect your assets is paramount in an increasingly stringent compliance landscape. It could require some investment, but you’d be ruing the day security was lacking from your hosted site. Plus, a lack of security can inadvertently lead to poor performance, search engine rankings, and user experience for potential customers.
The startling price of cybercrime
Web security has remained front of mind, particularly due to an influx of attacks as a result of the pandemic. This year, the same as the last, almost 40% of UK businesses have identified a cyber-attack against them. Phishing remains a popular scam, but there are also high-level threats from malware, bots, or DDoS attacks utilised by highly skilled hackers.
As of 2020, Statista has ranked the top worldwide fine settlements as a result of data breaches. In 2017, a whopping $575 million was dished out to one of the globe’s top credit reporting agencies, Equifax. It was reported that around 148 million data records were compromised as a result of criminal activity online.
Financial institutions that house vast amounts of client data and money are top targets for opportunistic hackers. On the same list, Capital One faced a fine of $80 million too. But hackers are industry-agnostic, targeting large leisure corporations such as Marriott Hotels, supermarkets, and well-known technology companies including Yahoo and Google.
GDPR adds another layer
Notably, the second heftiest fine involved airline British Airways in 2018, which had to settle $230 million with the UK’s data protection authority. Due to its lax security measures, employee and customer data (passwords, addresses, payment numbers, etc.) was stolen even under the watchful eye of the General Data Protection Regulation (GDPR), with the number of customers affected being in the hundreds of thousands.
GDPR came into effect in May 2018 and has had a massive effect on the way that marketing teams collect and store their customers’ personal data. Greater protection and permissions have been granted to web users that choose to give their data over to corporations. While it is EU legislation, it can affect any company dealing with clients in regulated jurisdictions.
GDPR is a paramount security issue, as individuals or corporations are covered by law whether they are controllers (who determine the purpose of the data) or processors (who process the data on behalf of the controller). Regulators are clamping down fast on those not adhering to the rules, including tech giants such as WhatsApp and Facebook. Amazon has received the largest GDPR fine yet at €746 million for tracking user data without consent in its EU headquarters.
Data collection forms, pop-ups, attestations, cookies and cached information are all subject to compliance checks under GDPR, and are far easier to keep secure from breaches with a trusted website hosting partner.
A well-managed and supported hosting platform can include a myriad of security solutions that can be implemented to curb the threats of cybercrime and avoid the above. Some considerations include:
Web Application Firewall (WAF)
A WAF controls the security of any web-based applications by continually filtering and monitoring traffic between applications and the internet. It is particularly useful in protecting customer data from targeted attacks linked to fraud or identity theft.
Content Delivery Network (CDN)
CDNs are invaluable for organisations these days to both receive and deliver content, but they can be exploited by criminals looking for cached personal data, as CDNs do not block bots the way firewalls do. Extra security measures are necessary to preserve CDNs’ advantage for content performance.
Data Loss Prevention (DLP)
This solution cuts out the extraction of stored data, and prevents the further transfer of stolen data. It can help to remain compliant with GDPR measures.
Secure sites are a no-brainer
Strengthening security throughout your website’s components, code, and customer data collection will only have positive effects on its whole performance. It’s a win-win: avoid compliance breaches and boost your web presence capabilities.
Protecting passwords (which account for 80% of hacks) with multi-factor authentication, setting user permissions, installing an SSL certificate for data encryption, and automating backups of your site are all the basics of security and help to remain GDPR compliant. These can all be strengthened through a well-hosted WordPress website.
To find out more about bolstering security using WordPress to host your company’s website, book a chat with one of the Statik team.